Traditionally, access controls to data are enforced by employing trusted servers to store data and mediate access control. However, services are increasingly storing data across many servers shared with other data owners. An example of this is cloud computing which has the great potential of providing various services to the society at significantly reduced cost due to aggregated management of elastic resources. Since software systems are not guaranteed to be bug-free and hardware platforms are not under direct control of data owners in such distributed systems, security risks are abundant. To mitigate users’ security and privacy concerns about their data, a common solution is to outsource data in encrypted form so that it will remain private even if data servers are not trusted or compromised. The encrypted data, however, must be amenable to sharing and access control. In this talk, I will discuss various security issues related to outsourced data storage and provide an overview of emerging solutions for realizing secure access to encrypted data in untrusted servers.